Check all frames for stateless reset conditions

In writing the quic stateless reset test we found that the quic rx code wasn't checking for stateless reest conditions, as the SRT frames were getting discarded due to failed lcdim lookups. Move the SRT check above the lcdim lookup in the rx path to ensure we handle SRT properly in the client. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23384)
author: Neil Horman <nhorman@openssl.org> 2024-01-24 13:23:28 -0500
committer: Neil Horman <nhorman@openssl.org> 2024-01-31 08:45:56 -0500
commit: d2e7855f5bdb2f817f6adb7ce6562505ec244474 (patch)
tree: eceaa448df667e468ef83a5f4e5cd899cb6feb1b /ssl
parent: 69055b2ceca9e86e536ab17c862e46734c1a61de (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c
index 46ca22cc3b..0de384de45 100644
--- a/ssl/quic/quic_port.c
+++ b/ssl/quic/quic_port.c
@@ -499,6 +499,9 @@ static void port_default_packet_handler(QUIC_URXE *e, void *arg,
     if (!ossl_quic_port_is_running(port))
         goto undesirable;
 
+    if (port_try_handle_stateless_reset(port, e))
+        goto undesirable;
+
     if (dcid != NULL
         && ossl_quic_lcidm_lookup(port->lcidm, dcid, NULL,
                                   (void **)&ch)) {
@@ -507,9 +510,6 @@ static void port_default_packet_handler(QUIC_URXE *e, void *arg,
         return;
     }
 
-    if (port_try_handle_stateless_reset(port, e))
-        goto undesirable;
-
     /*
      * If we have an incoming packet which doesn't match any existing connection
      * we assume this is an attempt to make a new connection. Currently we
author	Neil Horman <nhorman@openssl.org>	2024-01-24 13:23:28 -0500
committer	Neil Horman <nhorman@openssl.org>	2024-01-31 08:45:56 -0500
commit	d2e7855f5bdb2f817f6adb7ce6562505ec244474 (patch)
tree	eceaa448df667e468ef83a5f4e5cd899cb6feb1b /ssl
parent	69055b2ceca9e86e536ab17c862e46734c1a61de (diff)